CXF web service client: "Cannot create a secure XMLInputFactory"

pac*_*low 25 web-services cxf woodstox

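I wrote a CXF web service and deployed it to a Tomcat server using the instructions here. The web service deployed fine, as I can see the WSDL file in a web browser.

My standalone Java client program doesn't work. Here is the code: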

```java
System.out.println("Creating client");
Properties properties = System.getProperties();
properties.put("org.apache.cxf.stax.allowInsecureParser", "1");
System.setProperties(properties);
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.setServiceClass(ExampleWebService.class);
factory.setAddress("http://X.X.X.X:9090/WebServices/ExampleWebService");
ExampleWebService exampleWebService = (ExampleWebService)factory.create();
System.out.println("Done creating client");
exampleWebService.method1("test");
System.out.println("After calling method1");
```

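I copied all the jar files (including the woodstox-core-asl-4.2.0.jar file) from the CXF 2.7.7 distribution into the client program's classpath, and when I run the client I get the following exception: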

```
Creating client
Nov 20, 2013 8:05:26 PM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromClass
INFO: Creating Service {http://webservices.server/}ExampleWebServiceService from class server.webservices.ExampleWebService
Done creating client
javax.xml.ws.soap.SOAPFaultException: Cannot create a secure XMLInputFactory
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:157)
    at $Proxy38.printString(Unknown Source)
    at ExampleNmsWebServiceClient.printString(ExampleNmsWebServiceClient.java:29)
    at ExampleNmsWebServiceClient.main(ExampleNmsWebServiceClient.java:40)
Caused by: org.apache.cxf.binding.soap.SoapFault: Cannot create a secure XMLInputFactory
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:84)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:51)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:40)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:835)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1606)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1502)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1309)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:627)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
    ... 3 more
```

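I found a page saying that "Cannot create a secure XMLInputFactory" can be fixed by setting the org.apache.cxf.stax.allowInsecureParser property to "1", which is why I tried setting it in the system properties, but that doesn't work. I also tried adding `-Dorg.apache.cxf.stax.allowInsecureParser=1` to the java command that runs the client, but that doesn't work either. (Nor does setting it to "true" instead of 1.) Any ideas on how to resolve this error?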

Lun*_*lfe 26

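I had this problem when upgrading from CXF 2.3.x to 2.7.x.

I added the stax2-api and woodstox-core-asl jars from the 2.7.x CXF distribution, and the web service runs again.

  • Five years later, in 2019, I ran into this problem with CXF 3.3.3. In addition to adding these two dependencies, I also needed to exclude other stax-api, woodstox and wstx libraries from other dependencies that included older versions. The Maven goal `dependency:tree` helped me resolve this. (2 upvotes)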

yun*_*dus 18

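Since version 2.7.4, CXF has added a feature to make sure the XMLInputFactory is secured and loaded from woodstox (>= 4.2.x packages, see the StaxUtil implementation) in order to deal with a denial-of-service vulnerability.

But the thing is, in a J2EE environment, webservices-rt.jar by default takes priority over the war libs (and so over the woodstox jars). This is why a non-secure implementation is loaded, triggering the exception.

Turning off the org.apache.cxf.stax.allowInsecureParser property is not an option, as it brings a DoS vulnerability.

To make the classloader prefer woodstox (ear/war lib) over webservices-rt.jar (j2ee lib), the solution depends on your application server and is described in the CXF Application Server Specific Configuration Guide.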


Kri*_*ish 17

I had a similar problem.

After adding `-Dorg.apache.cxf.stax.allowInsecureParser=1` to JAVA_OPTIONS in setDomainEnv.sh, it now works fine.


gho*_*989 13

I ran into this problem on WebLogic and solved it by adding this to my weblogic-application.xml:

```xml
<prefer-application-packages>
       <package-name>com.ctc.wstx.*</package-name>
</prefer-application-packages>
```


Dan*_*ulp 9

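Check for any other versions of woodstox that may be found on the classpath or in the JRE's lib/endorsed or similar. It sounds like an older 4.1 version may be getting picked up.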
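
The answers above attribute the error to the wrong StAX implementation, or an old Woodstox copy, being picked up ahead of the intended jar. The following diagnostic is an added example, not code from any poster or from CXF; the class name `StaxProviderCheck` is hypothetical and it uses only JDK APIs plus the Woodstox class path `com/ctc/wstx/stax/WstxInputFactory.class` as a resource name.

```java
import java.net.URL;
import java.security.CodeSource;
import java.util.Collections;
import javax.xml.stream.XMLInputFactory;

// Added diagnostic (hypothetical class name). Run it with the same classpath
// and class loader as the failing CXF client or web application.
public class StaxProviderCheck {

    /** Jar or directory a class was loaded from; JDK classes have no code source. */
    static String origin(Class<?> c) {
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        return (cs == null || cs.getLocation() == null)
                ? "JDK built-in (bootstrap)" : cs.getLocation().toString();
    }

    /** True when the factory class lives in Woodstox's com.ctc.wstx package. */
    static boolean isWoodstox(Class<?> c) {
        return c.getName().startsWith("com.ctc.wstx.");
    }

    public static void main(String[] args) throws Exception {
        // 1. The StAX implementation that the standard lookup actually resolves.
        Class<?> impl = XMLInputFactory.newInstance().getClass();
        Package p = impl.getPackage();
        System.out.println("XMLInputFactory impl   : " + impl.getName());
        System.out.println("loaded from            : " + origin(impl));
        // May be null when the jar manifest carries no Implementation-Version.
        System.out.println("Implementation-Version : "
                + (p == null ? null : p.getImplementationVersion()));
        System.out.println("is Woodstox            : " + isWoodstox(impl));

        // 2. An explicit system property overrides classpath discovery.
        System.out.println("system property        : "
                + System.getProperty("javax.xml.stream.XMLInputFactory"));

        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        if (cl == null) cl = ClassLoader.getSystemClassLoader();

        // 3. Every jar registering a StAX provider; with several, load order decides.
        String svc = "META-INF/services/javax.xml.stream.XMLInputFactory";
        for (URL u : Collections.list(cl.getResources(svc)))
            System.out.println("provider registration  : " + u);

        // 4. Every visible copy of the Woodstox factory class (stale jars show up here).
        String wstx = "com/ctc/wstx/stax/WstxInputFactory.class";
        for (URL u : Collections.list(cl.getResources(wstx)))
            System.out.println("Woodstox copy          : " + u);
    }
}
```

Inside an application server, run the same calls from a servlet or startup listener of the deployed application so that the web application's class loader is the one inspected.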


Vai*_*hav 5

When I upgraded CXF to 2.7.x, I ran into the same problem. I solved it by adding the following dependencies to my POM:

```xml
<dependency>
    <groupId>org.codehaus.woodstox</groupId>
    <artifactId>stax2-api</artifactId>
    <version>4.0.0</version>
</dependency>
<dependency>
    <groupId>org.codehaus.woodstox</groupId>
    <artifactId>woodstox-core-asl</artifactId>
    <version>4.4.1</version>
</dependency>
```